This was not specifically a WordPress hack but rather a server hack that needs to ultimately to be dealt with by your website host.
To fix start by changing your character encoding back to UTF-8 from UTF-7 by clicking Settings > Reading and typing in UTF-8 under the ‘Encoding for pages and feeds’ section and clicking ‘Save Changes’.
Next, goto Appearance > Widgets and finding a Text widget installed with the following or similar script in the text box. It might appear under ‘Inactive Sidebar’.
“<script>document.documentElement.innerHTML = unescape(‘%48%61%63%6b%65%64%20%42%79%20%42%61%64%69’);</script>”
You’ll need to reconfigure your widgets.
Then change your site title back under Settings > General.
UTF-7, which the hack sets your character set to is to allow code to be passed through the DB and is detrimental from a security point of view.
If you go into the Settings > Reading screen in the BEFORE you delete Badi’s text widget with his/her script in, then you see an option called ‘Encoding for pages and feeds’ to set the character encoding back to UTF-8. If you delete the script then that option disappears.
The option was taken out of the dashboard in WP 3.5.